CVE-2024-57439: RuoYi vulnerable to Denial of Service by attackers with admin privileges

January 29, 2025

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.

References

gitee.com/y_project/RuoYi
github.com/advisories/GHSA-qq5h-rjj9-q9qg
github.com/peccc/restful_vul/blob/main/ruoyi_dos/ruoyi_dos.md
github.com/yangzongzhuan/RuoYi
nvd.nist.gov/vuln/detail/CVE-2024-57439
ruoyi.vip/

Code Behaviors & Features

Detect and mitigate CVE-2024-57439 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →